I conduct research on the socio-technical aspects of cybersecurity. My current work includes analysis of gains and losses due to undesirable activity on the Internet, investigating human factors in effective Internet security mechanisms, and building new technological primitives with the goal of increasing the practical security and privacy of Internet users.

I am very interested in new collaborations, motivated students, and lively conversation regarding security research - please reach out via email or twitter if you’d like to chat!

1. Mohammad Taha Khan, Joe DeBlasio, Chris Kanich, Geoffrey M. Voelker, Alex C. Snoeren, and Narseo Vallina-Rodriguez, “An Empirical Analysis of the Commercial VPN Ecosystem,” in Proceedings of the ACM Internet Measurement Conference, 2018.
2. Mohammad Ghasemisharif, Amrutha Ramesh, Stephen Checkoway, Chris Kanich, and Jason Polakis, “O Single Sign-Off, Where Art Thou? An Empirical Analysis of Single Sign-On Account Hijacking and Session Management on the Web,” in Proceedings of the 27th USENIX Security Symposium, 2018.
3. Ameya Hanamsagar, Simon Woo, Chris Kanich, and Jelena Mirkovic, “Leveraging Semantic Transformation to Investigate Password Habits and Their Causes,” in Proceedings of the ACM Conference on Human Factors in Computing Systems, 2018. PDF
4. Mohammad Taha Khan, Maria Hyun, Chris Kanich, and Blase Ur, “Forgotten But Not Gone: Identifying the Need for Longitudinal Data Management in Cloud Storage,” in Proceedings of the ACM Conference on Human Factors in Computing Systems, 2018. PDF
5. Rashid Tahir, Ali Raza, Faizan Ahmad, Jehangir Kazi, Fareed Zaffar, Chris Kanich, and Matthew Caesar, “It’s All in the Name: Why Some URLs are More Vulnerable to Typosquatting,” in Proceedings of the IEEE Conference on Computer Communications (INFOCOM), 2018. PDF
6. Peter Snyder, Cynthia Taylor, and Chris Kanich, “Most Websites Don’t Need to Vibrate: A Cost–Benefit Approach to Improving Browser Security,” in Proceedings of the 2017 ACM Conference on Computer and Communications Security, 2017. PDF
7. Peter Snyder, Periwinkle Doerfler, Chris Kanich, and Damon McCoy, “Fifteen Minutes of Unwanted Fame: Detecting and Characterizing Doxing,” in Proceedings of the 2017 Internet Measurement Conference, 2017. PDF
8. Ivan Brugere, Chris Kanich, and Tanya Berger-Wolf, “Evaluating Social Networks Using Task-Focused Network Inference,” in Proceedings of the 2017 Workshop on Mining and Learning with Graphs, 2017. PDF
9. Pete Snyder, Laura Waitker, Cynthia Taylor, and Chris Kanich, “CDF: Predictably Secure Web Documents,” in Proceedings of the Workshop on Technology and Consumer Protection, 2017. PDF
10. Mohammad Taha Khan and Chris Kanich, “Old is Still Gold: A Comparison of Cyber and Traditional Consumer Fraud in The United States,” in Proceedings of the Workshop on Technology and Consumer Protection, 2017. PDF
11. Sara Amini and Chris Kanich, “Characterizing Malware Infection and Remediation Through Support Forum Analysis,” in Proceedings of the Symposium on Electronic Crime Research (IEEE), 2017. PDF
12. Peter Snyder, Lara Ansari, Cynthia Taylor, and Chris Kanich, “Browser Feature Usage on the Modern Web,” in Proceedings of the 2016 Internet Measurement Conference, 2016. PDF
13. Peter Snyder and Chris Kanich, “Characterizing Fraud and Its Ramifications in Affiliate Marketing Networks,” Journal of Cybersecurity, 2016.
14. Peter Snyder, Michael K. Reiter, and Chris Kanich, “The Effect of Repeated Login Prompts on Phishing Susceptibility,” in Proceedings of the Workshop on Learning from Authoritative Security Experiment Results, 2016. PDF
15. Mohammad Taha Khan and Chris Kanich, “High Fidelity, High Risk, High Reward: Using High-Fidelity Networking Data in Ethically Sound Research,” in Proceedings of the ACM SIGCOMM Workshop on Ethics in Networked Systems, 2015. PDF
16. Peter Snyder and Chris Kanich, “No Please, After You: Detecting Fraud in Affiliate Marketing Networks,” in Workshop on the Economics of Information Security, 2015. PDF
17. Mohammad Taha Khan, Xiang Huo, Zhou Li, and Chris Kanich, “Every Second Counts: Quantifying the Negative Externalities of Cybercrime via Typosquatting,” in Proceedings of the 36th IEEE Symposium on Security and Privacy, 2015. PDF
18. Jason W. Clark, Peter Snyder, Damon McCoy, and Chris Kanich, “I Saw Images I Didn’t Even Know I Had: Understanding User Perceptions of Cloud Storage Privacy,” in Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, 2015. PDF
19. Peter Snyder and Chris Kanich, “One Thing Leads to Another: Credential Based Privilege Escalation,” in Proceedings of the 5th ACM Conference on Data and Application Security and Privacy (Poster Session), 2015. PDF

The CRISP project is building a new web front end language and paradigm to enable rich document publishing while providing greatly increased privacy and security over traditional HTML/JS/CSS based sites.

Our Harm Measurement research effort aims to characterize and quantify the damage experienced by victims of cybercrime.